I recently started to manage my own server with a cloud-based server. Recently I got hacked somehow and the server was used for phishing. The server had CentOS, cPanel/WHM and CSF installed with medium security settings.

After being hacked I realize the need for more security. How can I make a secure server with CentOS?

The hardening tag is a good starting point for 'how to secure X' type questions. Closed as a dupe, but you could ask a question on 'how to secure cPanel' as I don't think we have one of them.
– Rory Alsop♦ Aug 10 '12 at 16:00

3 Answers
3

SELinux - enable it with booleans for user folders and suexec and whatever is needed, plus train new rules through training mode - per-user writable tmp folders etc. This one is complex as it works system-wide, but also that's why it's OK.

Update cPanel itself with the latest PHP 5.3 and apps

Update MySQL to 5.5 packages

ModSecurity with core rules prevents multiple exploits

PHP Suhosin, hardening like disabling fopen() with URLs

Making PHP source code read-only, e.g. only specific folders would be writable, with specific names using the website admin page.

Enabling the iptables firewall with limits and anti-scan, enabling connection tracking and the number of connections it can handle (hash tables and buckets for iptables in /proc); also deny SSH etc. access from every server.

Running Snort IDS with scan detection

Performing scans with Nessus and Web Scanners

Make sure that the backup is made in a different location and is recoverable / non-erasable

Disable unneeded services (also reduces RAM)

Enable SuEXEC, FastCGI, so that each account runs only in its home folder and can't write / read temp files from others.

Run Anti-Virus for mail and web

Run multi-threaded (worker) Apache and php-cgi, and apply mod_qos to this.

Additionally you can harden your PHP apps as well.

Simply, what you need is called "caging". SELinux, AppArmor and Cloud Linux all do this, and then you can harden PHP by making an ini for each user, but if the site is vulnerable to e.g. code injection, then you can't help much with this except for the mod_security.

Also, if this slows things down too much, you can add a Varnish proxy cache, and make your application also cache / compile the code; there are many levels of cache:

This is an extremely broad question, and as you may have already noticed, we could list hundreds of settings, tweaks, and changes that will "help make [a] server more secure" until the cows come home.

In addition to the general "close/shutdown anything you're not using," and the wonderful recommendations made here already, if this is your first time managing a server, it's also not a bad idea to start working through understanding core security principles.

CentOS is mirrored to RedHat, which is more frequently used in an Enterprise setting. As such, there's a lot of good material out there to get you started. Try taking a look at the NSA's guides to securing Linux:

The final step beyond making sure your server is secure is ensuring the software and web application you're hosting are also secure. If you're going to be doing web hosting, getting a handle on the types of vulnerabilities they pose and what that means for how people can get into your server is key (Hint: SELinux, while a pain, is your friend here). SQL injection, cross-site scripting, etc. - learn these and learn how to run web application assessments. OWASP is a great place to start for that.
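
Two items from the first answer's list, disabling URL fopen in PHP and keeping PHP source read-only outside specific writable folders, can be checked mechanically. The script below is an added example, not code from any of the answerers; the function names, the `uploads` folder name and the sample files are assumptions constructed for the demo, as are the PHP defaults noted in its comments.

```bash
#!/bin/bash
# Added example. Every path and sample file is constructed for the demo.

# Print the effective value of a php.ini directive: the last uncommented
# assignment wins; the caller-supplied default is used if it is never set.
ini_value() {  # usage: ini_value FILE KEY DEFAULT
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*;/ { next }                     # whole-line comment
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v); def = v }
        END { print tolower(def) }' "$1"
}

# PHP reads these spellings (and an empty value) as boolean false.
is_off() { case "$1" in off|0|no|false|none|"") return 0 ;; *) return 1 ;; esac; }

# Succeeds only if remote URLs can be neither opened nor included.
# Assumed defaults when unset: allow_url_fopen=1, allow_url_include=0.
url_wrappers_disabled() {  # usage: url_wrappers_disabled FILE
    is_off "$(ini_value "$1" allow_url_fopen 1)" &&
    is_off "$(ini_value "$1" allow_url_include 0)"
}

# List PHP files that still carry any write bit, skipping the one folder
# that is meant to stay writable (first-level name under the docroot).
writable_php() {  # usage: writable_php DOCROOT WRITABLE_DIR
    find "$1" -path "$1/$2" -prune -o -type f -name '*.php' \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print | sort
}

# --- constructed sample data ---
demo=$(mktemp -d)
mkdir -p "$demo/site/uploads"
printf '%s\n' '; allow_url_fopen = Off' 'allow_url_fopen = On' \
    'allow_url_include = Off' > "$demo/weak.ini"
printf '%s\n' 'allow_url_fopen = Off ; remote fopen disabled' \
    'allow_url_include = Off' > "$demo/hard.ini"
: > "$demo/site/index.php";         chmod 444 "$demo/site/index.php"
: > "$demo/site/config.php";        chmod 664 "$demo/site/config.php"
: > "$demo/site/uploads/cache.php"; chmod 644 "$demo/site/uploads/cache.php"

for ini in weak hard; do
    if url_wrappers_disabled "$demo/$ini.ini"
    then echo "$ini.ini: URL wrappers off"
    else echo "$ini.ini: URL wrappers ENABLED"; fi
done
echo "PHP source still writable:"; writable_php "$demo/site" uploads
```

The owner write bit is included in the check because under suEXEC the PHP process runs as the account that owns the files.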